Vulnerability Development mailing list archives
Re: "Universal Plug and Play technology exploit code"
From: Florian Weimer <Weimer () CERT Uni-Stuttgart DE>
Date: 24 Dec 2001 22:59:20 +0100
"Sebastian Wells" <alterego () negaverse org> writes:
Is this an exploit to the most recent UPnP hole that was posted to bugtraq? In the discussion of that vulnerability it was stated that UPnP was on UDP port 1900. Am I just confused?
UPnP support comes with a web server on TCP port 5000 (which processes SOAP requests, IIRC). Another UDP-based web server seems to be listening on port 1900, implementing SSDP (yes, there's an IETF draft floating around for HTTP over UDP). -- Florian Weimer Florian.Weimer () RUS Uni-Stuttgart DE University of Stuttgart http://cert.uni-stuttgart.de/ RUS-CERT +49-711-685-5973/fax +49-711-685-5898
Current thread:
- "Universal Plug and Play technology exploit code" KRFinisterre (Dec 24)
- Re: "Universal Plug and Play technology exploit code" Sebastian Wells (Dec 24)
- Re: "Universal Plug and Play technology exploit code" Ryan Permeh (Dec 24)
- Re[2]: "Universal Plug and Play technology exploit code" 3APA3A (Dec 26)
- Re: "Universal Plug and Play technology exploit code" Florian Weimer (Dec 24)
- RE: "Universal Plug and Play technology exploit code" Atacdad (Dec 26)
- Re: "Universal Plug and Play technology exploit code" Ryan Permeh (Dec 24)
- Re: "Universal Plug and Play technology exploit code" Sebastian Wells (Dec 24)